Multiplatform Badbunny worm attacks OpenOffice across Windows, Mac and Linux

A proof-of-concept multiplatform macro worm that can attack OpenOffice on Windows, Mac and Linux PCs, has been sent to security vendor Sophos.

The "Badbunny" worm attempted to download and display an indecent JPG image of a bunny-suited man.

The SB/Badbunny-A worm could infect users who open an OpenOffice Draw file called badbunny.odg, researchers at the Boston-based vendor said. A macro included in the file performed different functions depending on whether the user is running Windows, the Mac operating system or Linux.

The "upside" of Badbunny, said Ron O'Brien, a senior security analyst at Sophos, "is that it was not found in the wild. It was sent directly to the Sophos lab."

However, its existence has negative security ramifications for Mac and Linux users, he said.

"It's in a category of what we'd call "proof of concept," and it's the first volley of malware that operates on all three platforms," said O'Brien. "It's clearly an indication that this person is making a statement about whether one operating system is more insecure than another, and we can expect to see additional malware that's capable of operating across multiple platforms."

In Windows, the worm dropped a file called drop.bad, which moves to the system.ini file in a mIRC folder. It also dropped and executed badbunny.js, a JavaScript virus that replicates to other files in the folder, according to Sophos.